On 2016-04-12 11:37, Tim Watts wrote:
Sir, you are a genius :)

On 11/04/16 07:31, Michael Ströder wrote:
# some entries matching filter
access to
   attrs=userPassword
   filter=(!(employeeType=Archive)(employeeType=Delete))
     by ..some who clauses for setting password
     by * auth

# all other entries
access to
   attrs=userPassword
     by * none

Very slight tweak to the syntax

Ah yes, filter was wrong.

(with huge thanks - I would not have
guessed this was the required technique - I was concentrating on
finding an "auth" ACL when I was googling.)

Writing OpenLDAP ACLs is a bit like functional
programming - at least from what I vaguely remember
from my time at University many years ago.

I'd recommend looking into the OpenLDAP FAQ to
find some more not-so-obvious examples.

Ciao, Michael.
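
Added example, not part of the thread and not OpenLDAP code: a small Python model of the two-clause pattern above, where the first "access to" clause whose filter matches the entry decides and everything else falls through to "by * none". The thread does not show the tweaked filter, so FIXED is an assumption: RFC 4515's "!" takes exactly one filter, so the two employeeType tests are wrapped in an OR. The function names and sample entries are constructed.

```python
# Simplified model: equality items only, case-insensitive values,
# entry attribute names given in lower case.

def parse(s, i=0):
    """Parse one RFC 4515 filter starting at s[i]; return (node, next_index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|", "!"):
        kids, i = [], i + 2
        while i < len(s) and s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if op == "!" and len(kids) != 1:
            raise ValueError("'!' takes exactly one filter")
        if not kids:
            raise ValueError(f"'{op}' needs at least one filter")
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.find(")", i)
    attr, sep, value = s[i + 1:end].partition("=") if end != -1 else ("", "", "")
    if not (attr and sep):
        raise ValueError(f"bad filter item at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def parse_filter(s):
    node, end = parse(s)
    if end != len(s):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    if node[0] == "=":
        _, attr, value = node
        return value in (v.lower() for v in entry.get(attr, []))
    op, kids = node
    results = [matches(k, entry) for k in kids]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[op](results)

def access_level(entry, acl):
    """acl: ordered (filter or None, level) pairs; the first match wins."""
    for flt, level in acl:
        if flt is None or matches(parse_filter(flt), entry):
            return level
    return "none"  # slapd denies when no clause matches

POSTED = "(!(employeeType=Archive)(employeeType=Delete))"    # as posted
FIXED = "(!(|(employeeType=Archive)(employeeType=Delete)))"  # assumed tweak
ACL = [(FIXED, "auth"), (None, "none")]  # mirrors the two clauses above
```

With this ACL, an entry whose employeeType is Archive or Delete gets "none" on userPassword and so cannot bind, while parse_filter(POSTED) raises ValueError because "!" is given two filters.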
